Systems that host applications with different safety-level requirements (so-called mixed-criticality systems) are becoming more prevalent in automotive vehicle networks. For example, a single processor may host an application that affects steering alongside a less safety-critical application that affects fuel economy. Increasing levels of system integration have resulted in multi-core devices and powerful domain controllers that increase the likelihood of mixing different safety levels within a single Electronic Control Unit (ECU).
ISO 26262 is a risk-based standard regarding the functional safety of electrical and electronic systems within road vehicles. ISO 26262 defines four Automotive Safety Integrity Levels (ASIL), namely ASIL A, ASIL B, ASIL C and ASIL D in order of integrity, with ASIL A being the lowest integrity level and ASIL D the highest. Hazards that are classified as merely Quality Management (QM) do not dictate any safety requirements.
With automotive vehicle networks running applications having different ASIL classifications, there is a need to manage the faults of each application separately, so that adequate system availability is ensured without unduly compromising fault management. For example, a system hosting an ASIL B application on a higher-integrity ASIL D platform may report a higher number of faults than the same application would on a native ASIL B platform, because the platform applies its stricter fault-reaction policy to every application it hosts. This can lead to excessive warranty and service costs for faults that do not otherwise dictate such costly measures.
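The following is an added illustration of the per-application fault management the paragraph above calls for; it is not code from the original text and does not reproduce any ISO 26262 mechanism. It assumes that each hosted application is tagged with its ASIL and that a fault manager applies a per-ASIL debounce and escalation policy instead of the platform-wide policy. The policy table, the application names (`fuel_econ`, `steering`) and the fault codes are constructed sample values, not figures from the standard. Replaying the same fault sequence under both schemes shows why an ASIL B application on an ASIL D platform appears to raise more confirmed faults.

```python
"""ASIL-aware fault manager (added example; thresholds are constructed, not ISO 26262 values)."""
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Dict, List, Optional, Tuple


class Asil(IntEnum):
    QM = 0
    A = 1
    B = 2
    C = 3
    D = 4


@dataclass
class Policy:
    confirm_count: int  # consecutive detections before the fault is confirmed
    reaction: str       # reaction taken once the fault is confirmed


# Constructed policy table (assumption): higher ASIL confirms sooner and reacts harder.
POLICIES: Dict[Asil, Policy] = {
    Asil.QM: Policy(confirm_count=10, reaction="log"),
    Asil.A:  Policy(confirm_count=8,  reaction="log"),
    Asil.B:  Policy(confirm_count=5,  reaction="warn_driver"),
    Asil.C:  Policy(confirm_count=2,  reaction="degrade"),
    Asil.D:  Policy(confirm_count=1,  reaction="safe_state"),
}


@dataclass
class FaultEvent:
    app: str        # application that raised the fault
    code: str       # fault code (constructed sample)
    detected: bool  # True = fault present this cycle, False = check passed


@dataclass
class FaultManager:
    app_asil: Dict[str, Asil]
    counters: Dict[Tuple[str, str], int] = field(default_factory=dict)
    reactions: List[Tuple[str, str, str]] = field(default_factory=list)

    def policy_for(self, app: str) -> Policy:
        # An application with no ASIL tag falls back to the platform's highest level (fail-safe).
        return POLICIES[self.app_asil.get(app, Asil.D)]

    def process(self, ev: FaultEvent) -> str:
        """Debounce one detection cycle; return 'clear', 'pending' or 'confirmed'."""
        key = (ev.app, ev.code)
        if not ev.detected:
            self.counters[key] = 0          # a passed check resets the debounce counter
            return "clear"
        self.counters[key] = self.counters.get(key, 0) + 1
        pol = self.policy_for(ev.app)
        if self.counters[key] == pol.confirm_count:
            # Record the reaction once, on the transition to 'confirmed'.
            self.reactions.append((ev.app, ev.code, pol.reaction))
        return "confirmed" if self.counters[key] >= pol.confirm_count else "pending"


def replay(events: List[FaultEvent], app_asil: Dict[str, Asil],
           uniform: Optional[Asil] = None) -> List[Tuple[str, str, str]]:
    """Run a fault sequence under per-application policies, or under one uniform ASIL."""
    table = app_asil if uniform is None else {a: uniform for a in app_asil}
    fm = FaultManager(app_asil=table)
    for ev in events:
        fm.process(ev)
    return fm.reactions


# Constructed sample: a transient sensor glitch in the ASIL B application (three cycles,
# then it clears) and a single detection in the ASIL D steering application.
APP_ASIL = {"fuel_econ": Asil.B, "steering": Asil.D}
SAMPLE_EVENTS = [FaultEvent("fuel_econ", "O2_SENSOR_RANGE", True)] * 3 + [
    FaultEvent("fuel_econ", "O2_SENSOR_RANGE", False),
    FaultEvent("steering", "TORQUE_SENSOR_PLAUS", True),
]

if __name__ == "__main__":
    print("per-application policy:", replay(SAMPLE_EVENTS, APP_ASIL))
    print("uniform ASIL D policy: ", replay(SAMPLE_EVENTS, APP_ASIL, uniform=Asil.D))
```

Under the per-application table the transient glitch never reaches the ASIL B confirmation count and only the steering fault is confirmed; under the uniform ASIL D policy the same glitch is confirmed on its first cycle and drives a `safe_state` reaction for an application that did not require one.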